Deleting IAM policies - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Deleting IAM policies

You can delete IAM policies using the Amazon Web Services Management Console, the Amazon Command Line Interface (Amazon CLI), or the IAM API.

For more information about the difference between managed and inline policies, see Managed policies and inline policies.

For general information about IAM policies, see Policies and permissions in IAM.

The number and size of IAM resources in an Amazon account are limited. For more information, see IAM and Amazon STS quotas, name requirements, and character limits.

View policy access

Before you delete a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing last accessed information, see Refining permissions in Amazon using last accessed information.

Deleting IAM policies (console)

You can delete a customer managed policy to remove it from your Amazon account. You cannot delete Amazon managed policies.

To delete a customer managed policy (console)

  1. Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.

  2. In the navigation pane, choose Policies.

  3. Select the check box next to the customer managed policy to delete. You can use the search box to filter the list of policies.

  4. Choose Actions, and then choose Delete.

  5. Confirm that you want to delete the policy, and then choose Delete.

To delete an inline policy for a user group, user, or role (console)

  1. In the navigation pane, choose User groups, Users, or Roles.

  2. Choose the name of the user group, user, or role with the policy that you want to delete. Then choose the Permissions tab. If you chose Users or Roles, expand the policy.

  3. To delete an inline policy in User groups, choose Delete. To delete an inline policy in Users or Roles, choose X.

  4. If you are deleting a single inline policy in User groups, type the name of the policy and choose Delete. If you are deleting multiple inline policies in User groups, type the number of policies you are deleting followed by inline policies and choose Delete. For example, if you are deleting three inline policies, type 3 inline policies.

Deleting IAM policies (Amazon CLI)

You can delete a customer managed policy from the Amazon Command Line Interface.

To delete a customer managed policy (Amazon CLI)

  1. (Optional) To view information about a policy, run the following commands:

  2. (Optional) To find out about the relationships between the policies and identities, run the following commands:

  3. To delete a customer managed policy, run the following command:

To delete an inline policy (Amazon CLI)

  1. (Optional) To list all inline policies that are attached to an identity (user, user group, role), use one of the following commands:

  2. (Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), use one of the following commands:

  3. To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), use one of the following commands:

Deleting IAM policies (Amazon API)

You can delete a customer managed policy using the Amazon API.

To delete a customer managed policy (Amazon API)

  1. (Optional) To view information about a policy, call the following operations:

    • To list managed policies: ListPolicies

    • To retrieve detailed information about a managed policy: GetPolicy

  2. (Optional) To find out about the relationships between the policies and identities, call the following operations:

  3. To delete a customer managed policy, call the following operation:

To delete an inline policy (Amazon API)

  1. (Optional) To list all inline policies that are attached to an identity (user, user group, role), call one of the following operations:

  2. (Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), call one of the following operations:

  3. To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), call one of the following operations: